Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN139
_____________________________________________________________________

DATE                : 09/02/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running VMware Tanzu Greenplum versions
                            prior to 6.32.0.

=====================================================================
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36803
_____________________________________________________________________

VMware Tanzu Greenplum 6.32.0


Product/Component

VMware Tanzu Data Intelligence
VMware Tanzu Data Suite
VMware Tanzu Greenplum 

Notification Id
36803

Last Updated
06 February 2026

Initial Publication Date
06 February 2026

Status
CLOSED

Severity
HIGH

CVSS Base Score

WorkAround

Affected CVE


Advisory ID                TNZ-2025-0418

Tanzu Issue Date           2026-01-21

Updated on                 2026-02-06

 
  	

               Highest Score CVE from list below advisory details

Severity           High

CVSS V4 Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS V4 Score      8.9 (Sev: HIGH)

CVSS V3.1 Vector   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS V3.1 Score    7.5 (Sev: HIGH)

CVSS V2 Vector     Unavailable

CVSS V2 Score      Unavailable (Sev: Unavailable)

 
    Note: if cvss scores are "Unavailable" it is most likely due to the
vulnerability being GHSA or BDSA without a matching CVE for nvd lookup.


Product Version Release Advisory

    Product Release VMware Tanzu Greenplum 6.32.0
    Product Release Notes: https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-greenplum/6/greenplum-database/cve-gpdb.html 


Security Fixes: This release has the following security fixes, listed by component.

Component              Vulnerabilities Resolved

DataSciencePython3     	

    GHSA-cjgq-5qmw-rcj6 (medium)
    GHSA-f83h-ghpp-7wcc (high)
    GHSA-wf5f-4jwr-ppcp (high)

greenplum-db-clients
	
    CVE-2025-58187 (high)
    CVE-2025-58188 (high)
    CVE-2025-61723 (high)
    CVE-2025-61725 (high)
    CVE-2025-47912 (medium)
    CVE-2025-58183 (medium)
    CVE-2025-58185 (medium)
    CVE-2025-58186 (medium)
    CVE-2025-58189 (medium)
    CVE-2025-61724 (medium)
    GHSA-vvgc-356p-c3xw (medium)

PL/Container Python3 Image
	
    GHSA-2xpw-w6gg-jr37 (high)
    GHSA-6mq8-rvhq-8wgg (high)
    GHSA-gm62-xv2j-4w53 (high)
    GHSA-6jhg-hg63-jvvf (medium)
    GHSA-9hjg-9r4m-mvj7 (medium)
    GHSA-g84x-mcqj-x9qq (medium)
    GHSA-jj3x-wxrx-4x23 (medium)
    GHSA-pq67-6m6q-mj2v (medium)
    GHSA-54jq-c3m8-4m76 (low)
    GHSA-69f9-5gxw-wvc2 (low)
    GHSA-fh55-r93g-j68g (low)
    GHSA-mqqc-3gqh-h2x8 (low)
    GHSA-f83h-ghpp-7wcc (high)
    GHSA-wf5f-4jwr-ppcp (high)


 
=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================